Hi, My weekly Network Risk Report from Firepower shows me the information below. How do I go about actually finding the 3 hosts running IE10 or 6 hosts running Firefox 35? Where do I click? I spent 20 minutes looking and cannot find this info.
Go under Analysis > Connections > Events. Switch to the "Table View of Connection Events".
Then search for only events with a browser name in the client field.
In the results window then go in and tweak the many available fields down to the few you care about. Tell it to sort - first by client and then by version. You may want to tweak the maximum results and time window to suit as well. Here I am selecting only time of first packet, Initiator IP, Client and Client Version:
Click OK and then Save and Generate the report. It should look something like this (addresses redacted for public display):
You may need to iterate with your search excluding the current versions. Note that discovery of client versions is passive so you don't always get 100% accurate results but it's pretty good.
If you're able to upgrade your FMC to 6.6 you will find it is much faster at searches - there's a new database engine under the hood (monetdb).
If you're running a VM they do increase the memory required quite a bit though - 28 GB is the new requirement.